HP has discovered a fake Windows 11 installer application that is loaded with malware. The installer is circulating on the internet and carries RedLine Stealer, malware capable of stealing users’ personal information once it has been downloaded onto a computer.
RedLine Stealer can steal users’ personal information, including passwords, browsing history, banking information and cryptocurrency wallet details. Users may also have other information linked to their computer, or to the applications and accounts stored on it. These malware-loaded Windows 11 installers are circulating on malicious websites and can get onto a PC once downloaded and installed.
With Windows 11, Microsoft increased the basic system requirements for upgrading to the OS. While all Windows 10 users are eligible for a free update to Windows 11, not everyone’s PC meets the hardware requirements. The authentic installer program detects hardware incompatibility and informs the user, whereas the fake Windows 11 installer pretends to download the new operating system anyway.
When a user downloads the fake Windows 11 installer, they receive a 1.5MB file named “Windows11InstallationAssistant.zip”. The zip file contains about six Windows DLLs, one XML file and an executable file. Once users decompress the file, they get a folder that is 753MB in size. The archive has an unusually high compression ratio, and it contains the RedLine Stealer malware.
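The size mismatch described above (1.5MB packed, 753MB unpacked, roughly 500:1) can be checked before anything is extracted. The following is an added example, not code from HP or from the original article: it reads the sizes declared in a ZIP's central directory and flags entries above an assumed threshold of 100:1. The archive contents and file names are constructed stand-ins.

```python
import io
import zipfile

RATIO_THRESHOLD = 100  # assumed triage cut-off; tune for your environment


def archive_ratio_report(zip_bytes, threshold=RATIO_THRESHOLD):
    """Read declared sizes from the ZIP central directory without extracting."""
    entries = []
    total_packed = total_unpacked = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            packed = max(info.compress_size, 1)  # avoid division by zero
            ratio = info.file_size / packed
            total_packed += info.compress_size
            total_unpacked += info.file_size
            entries.append({
                "name": info.filename,
                "packed": info.compress_size,
                "unpacked": info.file_size,
                "ratio": round(ratio, 1),
                "suspicious": ratio >= threshold,
            })
    overall = total_unpacked / max(total_packed, 1)
    return {"overall_ratio": round(overall, 1), "entries": entries,
            "flagged": [e["name"] for e in entries if e["suspicious"]]}


def build_constructed_sample():
    """Constructed stand-in archive: one zero-padded file plus a small XML file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("setup_padded.bin", b"MZ" + b"\x00" * (4 * 1024 * 1024))
        zf.writestr("settings.xml", b"<settings><lang>en</lang></settings>")
    return buf.getvalue()


if __name__ == "__main__":
    report = archive_ratio_report(build_constructed_sample())
    print("overall ratio: %.1f:1" % report["overall_ratio"])
    for e in report["entries"]:
        flag = "FLAG" if e["suspicious"] else "ok"
        print("%-18s %8d -> %9d  %8.1f:1  %s" % (
            e["name"], e["packed"], e["unpacked"], e["ratio"], flag))
```

A high ratio on its own is a triage signal rather than proof of malware, since legitimately repetitive data also compresses well.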
When the fake Windows 11 installer is executed, the malware gets onto the computer and can then extract users’ personal information. The malware can download and upload files without users’ consent, and execute files as well. To keep this malware off their PCs, users should not download any files from untrusted sources.